149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# android user-space log manager 249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaletype logd, domain, mlstrustedsubject; 349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaletype logd_exec, exec_type, file_type; 449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Read access to pseudo filesystems. 649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaler_dir_file(logd, cgroup) 749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaler_dir_file(logd, proc_kmsg) 849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaler_dir_file(logd, proc_meminfo) 949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaler_dir_file(logd, proc_net) 1049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 1149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control }; 1249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd self:global_capability2_class_set syslog; 1349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write }; 1449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd kernel:system syslog_read; 1549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd kmsg_device:chr_file w_file_perms; 1649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd system_data_file:{ file lnk_file } r_file_perms; 1749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd pstorefs:dir search; 1849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd pstorefs:file r_file_perms; 1949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleuserdebug_or_eng(` 2049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale # Access to /data/misc/logd/event-log-tags 2149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale allow logd misc_logd_file:dir r_dir_perms; 2249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale allow logd misc_logd_file:file rw_file_perms; 2349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale') 2449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd runtime_event_log_tags_file:file rw_file_perms; 2549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 2649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Access device logging gating property 2749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleget_prop(logd, device_logging_prop) 2849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 2949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaler_dir_file(logd, domain) 3049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 3149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow logd kernel:system syslog_mod; 3249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 3349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwalecontrol_logd(logd) 3449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleread_runtime_log_tags(logd) 3549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 3649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleallow runtime_event_log_tags_file tmpfs:filesystem associate; 3749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Typically harmlessly blindly trying to access via liblog 3849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# event tag mapping while in the untrusted_app domain. 3949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Access for that domain is controlled and gated via the 4049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# event log tag service (albeit at a performance penalty, 4149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# expected to be locally cached). 4249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaledontaudit domain runtime_event_log_tags_file:file { open read }; 4349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 4449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale### 4549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale### Neverallow rules 4649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale### 4749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale### logd should NEVER do any of this 4849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 4949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Block device access. 5049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow logd dev_type:blk_file { read write }; 5149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 5249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# ptrace any other app 5349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow logd domain:process ptrace; 5449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 5549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# ... and nobody may ptrace me (except on userdebug or eng builds) 5649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow { domain userdebug_or_eng(`-crash_dump') } logd:process ptrace; 5749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 5849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Write to /system. 5949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow logd system_file:dir_file_class_set write; 6049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 6149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Write to files in /data/data or system files on /data 6249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow logd { app_data_file system_data_file }:dir_file_class_set write; 6349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 6449b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# Only init is allowed to enter the logd domain via exec() 6549b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow { domain -init } logd:process transition; 6649b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow * logd:process dyntransition; 6749b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale 6849b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale# protect the event-log-tags file 6949b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwaleneverallow { 7049b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale domain 7149b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale -init 7249b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale -logd 7349b79029cbb4bfb362b6b823e63bb467e8012230Wale Ogunwale} runtime_event_log_tags_file:file no_w_file_perms; 74